How Can We Achieve Efficient Privacy-Preserving Machine Learning? A Cross‑Layer Review

This systematic review, authored by Peking University and Ant Group researchers, examines efficient privacy‑preserving machine learning (PPML) across protocol, model, and system layers, identifies key optimization challenges, proposes a unified cross‑layer perspective, and outlines future research directions for large‑model privacy and performance.

AntTech

Team Introduction: This review is jointly produced by Peking University assistant professor Li Meng’s group, Ant Technology Research Institute, and Ant Secure Computing. It summarizes the state of efficient privacy‑preserving machine learning and its outlook from protocol, model, and system perspectives.

In the era of data privacy, achieving efficient machine learning while protecting user data is a joint challenge for academia and industry. The review "Towards Efficient Privacy‑Preserving Machine Learning: A Systematic Review from Protocol, Model, and System Perspectives" organizes the three major optimization dimensions of PPML and proposes a unified view across the protocol, model, and system layers, giving readers a clearer path through the field.

Layer 1: Protocol‑Level Optimization

Although cryptographic protocols provide strong security guarantees, applying them to AI incurs huge overhead. The review identifies two core pain points: (1) protocols based on oblivious transfer (OT) and homomorphic encryption (HE) suffer severe communication and computation bottlenecks; (2) existing protocols ignore model‑specific characteristics such as sparsity and quantization robustness, and so lack “model‑aware” design. It discusses the evolution of OT and HE protocols, coding schemes, and graph‑level protocols (e.g., secret sharing and HE conversions), and summarizes linear‑layer and non‑linear‑layer encoding strategies.

Layer 2: Model‑Level Optimization

The review highlights that traditional techniques such as ReLU pruning and model quantization, when directly applied to PPML, often lead to high cost. It categorizes four model‑level optimization strategies:

Linear‑layer optimizations: efficient convolution design, low‑rank decomposition, layer fusion.

Non‑linear‑layer optimizations for ReLU/GeLU: polynomial approximation, pruning, and replacement.

Softmax optimizations: expensive operator replacement, KV‑cache pruning, attention‑head merging.

Low‑precision quantization friendly to OT and HE, with tables summarizing linear and non‑linear layer solutions.
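The polynomial-approximation strategy listed above for ReLU/GeLU, as an added example (not code from the review or from the authors' project): HE schemes natively evaluate additions and multiplications, so GELU is replaced by a low-degree polynomial fitted on a bounded interval. The degree (4), the interval [-4, 4] and all function names are assumptions chosen for illustration; the example also shows how the approximation breaks down once an activation leaves the fitted range.

```python
import math

def gelu(x):
    # Exact GELU: x * Phi(x), with Phi the standard normal CDF.
    return 0.5 * x * (1.0 + math.erf(x / math.sqrt(2.0)))

def solve(a, b):
    # Gaussian elimination with partial pivoting for a small dense system.
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(m[r][c]))
        m[c], m[p] = m[p], m[c]
        for r in range(c + 1, n):
            f = m[r][c] / m[c][c]
            for k in range(c, n + 1):
                m[r][k] -= f * m[c][k]
    x = [0.0] * n
    for r in range(n - 1, -1, -1):
        s = sum(m[r][k] * x[k] for k in range(r + 1, n))
        x[r] = (m[r][n] - s) / m[r][r]
    return x

def fit_poly(f, lo, hi, degree, samples=401):
    # Least-squares fit via the normal equations (V^T V) c = V^T y.
    xs = [lo + (hi - lo) * i / (samples - 1) for i in range(samples)]
    n = degree + 1
    ata = [[sum(x ** (i + j) for x in xs) for j in range(n)] for i in range(n)]
    aty = [sum((x ** i) * f(x) for x in xs) for i in range(n)]
    return solve(ata, aty)

def horner(coeffs, x):
    # Uses only additions and multiplications: `degree` multiplications in total.
    acc = 0.0
    for c in reversed(coeffs):
        acc = acc * x + c
    return acc

def max_error(coeffs, lo, hi, samples=801):
    # Worst-case absolute deviation from exact GELU on a uniform grid.
    xs = [lo + (hi - lo) * i / (samples - 1) for i in range(samples)]
    return max(abs(horner(coeffs, x) - gelu(x)) for x in xs)

# Constructed setup (assumption): degree 4, fitted on [-4, 4].
COEFFS = fit_poly(gelu, -4.0, 4.0, degree=4)

if __name__ == "__main__":
    print("coefficients (c0..c4):", [round(c, 5) for c in COEFFS])
    print("max error on [-4, 4]:", round(max_error(COEFFS, -4.0, 4.0), 4))
    print("error at x = 8 (outside the fit):", round(abs(horner(COEFFS, 8.0) - gelu(8.0)), 4))
```

The out-of-range error is why activation ranges have to be bounded before a polynomial replacement is deployed.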

Layer 3: System‑Level Optimization

Even with optimized protocols and models, system‑level awareness of protocol characteristics is essential to unlock true performance. Two optimization directions are discussed:

Protocol‑aware compiler design that supports flexible encoding and bootstrapping.

GPU‑centric designs that accelerate PPML workloads, comparing existing GPU‑accelerated frameworks and presenting performance tables.

Conclusion and Discussion

The review stresses that optimizing a single layer cannot satisfy the dual demands of privacy and efficiency in the large‑model era. It advocates cross‑layer collaborative optimization of PPML and outlines future research directions: joint protocol‑model‑system design, privacy‑preserving inference for large models, and lightweight privacy‑computing solutions for edge devices. It also notes challenges such as the limited high‑precision arithmetic in HE and suggests parameter‑efficient fine‑tuning techniques (e.g., LoRA) to build PPML‑friendly large‑model structures.

Original link: https://arxiv.org/pdf/2507.14519

The team maintains a long‑term GitHub project that continuously collects high‑quality PPML papers: https://github.com/PKU-SEC-Lab/Awesome-PPML-Papers
